Data Security Solutions

 Design Security Solutions  Data Security Solutions
 Secure Device Architecture

At Microsemi our devices are being used to implement all or part of a security system, which in turn protects the confidentiality and/or integrity of data. Typically, this involves using cryptographic techniques through the use of our FPGAs or cSoCs to implement a complete one-chip security module or a root-of-trust for a larger system.

Hardware Root of Trust

Software by itself is not secure therefore fielded systems require a Hardware Root-of-Trust (RoT). Once in place, the HW RoT can store keys and perform operations that extend the trust zone to cover other parts of the system, even allowing secure communication across an entrusted network.

For example:

• Execution of secure boot code
• Signature checking of software stored in external memory
• Validation of system boards for authenticity/cloning

Microsemi's non-volatile FPGAs and cSoCs are tamper resistant and allow authentication key storage and algorithm execution.

Intellectual Property

Microsemi has put together a comprehensive suite of industry-standard data encryption intellectual property cores and partnerships that meet the stringent needs of the security marketplace. Our ever increasing security IP portfolio includes:

• DES
• 3DES
• AES
• Pseudo Random Number Generators
• Secure Hash Agorithm
• Common Scrambling Algorithm
• Elliptic Curve
• Cryptography
• 802.1ae

Protection against Security Attacks

Side-channel analysis is a type of attack on a cryptographic system that utilizes the information unintentionally leaked from the real-world implementations of the cryptographic hardware via side-channels.

Microsemi has obtained a license from CRI for the DPA patent portfolio, consisting of more than fifty patents. This license has two main components:

1. It allows Microsemi to use any of CRI's patented techniques to protect the FPGA initial configuration and re-configuration process from side-channel attacks.
2. It allows Microsemi to extend a sub-license to customers who purchase selected Microsemi FPGA devices. The user can then use any of CRI's patented DPA-mitigation techniques to protect their end-application from side-channel attacks. The protection techniques can be incorporated in the user's logic implemented in the FPGA fabric or in the user's firmware executing on a hard or soft microcontroller, in the licensed Microsemi FPGA.

Microsemi plans to provide mitigation of side-channel attacks targeted against the configuration process in future Microsemi commercial, industrial and military non-space FPGA families.

Microsemi is now offering several existing FPGA families, including the industry leading IGLOO Series, ProASIC3 Series, SmartFusion and Fusion families, with a DPA countermeasure license. No further CRI license will be required to incorporate CRI-patented DPA mitigation techniques in these FPGAs, eliminating the significant time, resources and inconvenience involved in each customer obtaining a CRI DPA patent portfolio license.

Zeroization

Zeroization is the practice of erasing sensitive parameters to prevent their disclosure if the system is attacked, or is at an increased risk of unauthorized access. Data security is an important aspect in many applications where high-value assets are at risk. The designer must protect the data to ensure the integrity and confidentiality of the system. Historically, this issue has been a major concern in financial and military applications, but it can also play a key role in many consumer, commercial, and industrial applications where unique or highly sensitive content is embedded in the data stream that passes through the system, for example in digital rights management applications; or where it is desired that the intellectual property comprising the design itself is to be kept confidential. The Zeroization capability provides the designer with the ability to protect the data in case a tamper event is detected.
Learn More »